package com.mallplus.common.security.filter;

import com.mallplus.common.core.xss.XssWrapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * 一些简单的安全过滤： xss
 *
 * @author Hanson
 * @date 2023/4/17 1:06
 */
@WebFilter(filterName = "xssFilter")
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class XssFilter implements Filter {

    private static final Logger  log = LoggerFactory.getLogger(XssFilter.class);

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) servletRequest;
        HttpServletResponse resp = (HttpServletResponse) servletResponse;

        // replaceAll("[\r\n]" =》 Potential CRLF Injection for logs
        log.info("AuthFilter RequestURI :{}", req.getRequestURI().replaceAll("[\r\n]",""));
        // 过滤
        filterChain.doFilter(new XssWrapper(req),resp);
    }
}
